Modeling Web Services for Test Case Generation
Transcript of Modeling Web Services for Test Case Generation
Service Oriented Architectures Security
Ernesto Damiani
Università di Milano
Modeling Web Services for Test Case Generation
Doctoral School – Security Patterns for ITC Infrastructures, March-April 2011
Reference Scenario
● Distributed and service-based infrastructure that includes three parties
• a customer accessing a service provided by a supplier
• a supplier implementing and providing a service by exposing its interfaces through the Web
• one or more third parties that have a business relationship with the supplier and provide a set of services that are used by the supplier to implement its business process
Reference Scenario: e-Bank
● Supplier provides an e-Bank service
● Customers check their account, make fund transfer, and pay taxes
● Interfaces
• boolean subscription(username,password,profile)
• boolean login(username,password)
• result fundTransfer(info,amount)
• result payTaxes(info,amount)
• boolean confirm(id)
• result getStatus(account_id)
Service implementation paradigms
Single-call service, a single interface is
exposed and all activities are managed as
supplier-internal computations
Conversation, the supplier defines a WSCL file
specifying the interactions with the
customers in order to release the service
Orchestration or choreography, services are
composed by the supplier to implement its
business process
Web Service Modeling
● Model of a service is the basis for test-based certification of service security properties
• Systems defined using a Symbolic Transition System (STS) model
• Each transition regulated by a guard
● Models are provided at different levels of granularity
• WSDL
• WSCL
• Test-based conditions (input-output constraints on variables)
• Implementation details
• WS-Policy
Web Service Modeling: Levels (1)
WSDL Interface only: A first basic STS-model considers
the case in which a service provider exposes only the
WSDL interface of its service
WSDL interface extended with test-based conditions: A
service provider may be willing to expose WSDL
interface enriched with test-based conditions on
input and output calls
Extended WSDL interface and stateful implementation:
The service provider may be willing to present the
low-level stateful implementation of the service
Web Service Modeling: Levels (2)
WSDL Interface only WSDL with test-based conditions:
Extended WSDL and stateful implementation
Web Service Modeling: Levels (3)
WSCL Interface only: The service provider may be willing to
expose only the WSCL interface modeling the conversation
with its customers
WSCL interface extended with test-based conditions: The
service provider may be willing to expose WSCL interface
enriched with test-based conditions on input and output
calls
Extended WSCL interface and stateful implementation: The
service provider may be willing to expose WSCL interface
enriched with the overall stateful implementation
Web Service Modeling: Levels (4)
WSCL Interface only WSCL with test-based conditions:
Extended WSCL and stateful implementation
Web Service Modeling: Levels (5)
Web service security specification: consideration of
security services at container level
• Implemented on the top of the existing services
• Preserve integrity and confidentiality of the messaging
• Model of the service extended with hidden communication (e.g., key exchange)
An ordering is established between different models at
different granularities
Models used to match and compare service certificates
Evidence-based Certification: A Model-based Approach
● Model-based testing for service certification
● Need to specify in the certificate the amount of information (model) available at certification time
● The quality and effectiveness of the testing activities strongly depend on the available model
• E.g., WSDL-only permits black box testing, while implementation details permit white box testing with high coverage
bankTransfer service: robustness against input malformation (1)
Simplified service that implements a single
bankTransfer(info,amount) function
The model includes extended WSDL interfaces
and stateful implementation
The customer calls bankTransfer(info,amount)
and waits for the result
bankTransfer service: robustness against input malformation (2)
● [c1] includes the call to the function
bankTransfer and requires amount
to be greater than zero and less
than a max amount
● [c2] returns the output to the caller,
and requires the amount in the
result to be equal to the amount in
the request, and the new balance to
be equal to balance - amount or to
be equal to ‘error’
● [d1]: balance≥amount
● [~d1]: balance<amount
e-Bank service: Integrity (1)
● e-Bank service with a model including WSCL
interfaces extended with test-based conditions
● The customer
1. logs in
2. calls bankTransfer(info, amount) to make the transfer
3. calls confirm(id) for the final confirmation
● This model does not take into account the signature
verification algorithm “provision is in place”
● A stronger certificate can be made on a model
including internal signature checking
● Integrity can be certified at container level (WS-
Security, WS-Policy)
Another Example: IFX-Based Reverse ATM Service
IFX-based Deposit and Withdrawal service
• Provides the typical functionalities of a reverse ATM for deposit and withdrawal
• It allows clients to remotely deposit/withdraw money in/from their bank account
• Clients can use a credit/debit card with PIN, or a username and password to authenticate to the IFX-based service at the bank via the reverse ATM.